Thanks for your input I share and really welcome. Regards, Pascal De : Marton, Gabor (NSN - HU/Budapest) [mailto:gabor.marton at nsn.com] Envoyé : jeudi 16 juin 2011 18:04 À : BISSON Pascal; Fiware-security at lists.fi-ware.eu Objet : RE: [Fiware-security] FI-WARE - WP8 - WP6 input document to D2.1a foryour review Dear Pascal and All, I would like to point out to the following security/privacy-related issues w.r.t. the context data enablers. On p.22: 3.1.2.5 Intelligent Services Plugins (algorithms) The Intelligent Services plug-ins interact with the off-line and real-time stream processing enablers, as well as with data that resides in memory and the persistence layer, to provide analytical and algorithmic capabilities in the following main areas: a) Social Network Analysis, b) Mobility Analysis, c) Real-Time Recommendations, d) Behavioural and Web Profiling, and e) Opinion Mining. These topics are privacy-sensitive, therefore we should have the following measures in place. For a), b), d), and e): * user consent for carrying out such analysis and storing the results (derived attributes); * methods for anonymization (de-identification) of the collected data when the processing is carried out by another party; * ensuring, if possible, that the derived attributes cannot be linked to the users' real identity; * user consent for disclosing the derived attributes to third parties; and for c): * user consent for targeting them with such recommendations. On p.30: 3.1.2.7 Publish/Subscribe Broker Target usage Publish[jh1] /Subscribe Enabler includes the features that allows for a data or context [jh2] consumer to subscribe for certain type of data or context. The Enabler provides the subscribed data or context back [jh3] to the subscribed consumer on certain condition and until the subscription will not expire or cancelled. [...] Any component or customer requiring data or context can be subscribed to required information through this Enabler. This Enabler should be designed very carefully from access control point of view, because brokering context data is a privacy-sensitive topic. The notifications about context change must only be sent to such components/services/users that are entitled to receive the information. User consent (among other factors) must be taken into consideration when making the authorization decision. Kind regards, Gábor ________________________________ From: fiware-security-bounces at lists.fi-ware.eu [mailto:fiware-security-bounces at lists.fi-ware.eu] On Behalf Of ext BISSON Pascal Sent: Friday, June 10, 2011 4:25 PM To: Fiware-security at lists.fi-ware.eu Subject: [Fiware-security] FI-WARE - WP8 - WP6 input document to D2.1a foryour review Dear All, As a follow-up of our today's meeting please find attached to this email the WP6 input document to D2.1a I would ask you to read and comment in order to raise security issues we can derive from it as WP8 Security WP. Would appreciate your feedback by next Thursady end of business. Thales & ATOS will consolidate the feedback to answer WP6 demand. Thanks in advance for your cooperation. Regards, Pascal ________________________________ [jh1] [jh2] [jh3] -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/old-fiware-security/attachments/20110616/829934e0/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy